package com.dayang.controllor;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import org.apache.oltu.oauth2.rs.response.OAuthRSResponse;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import com.dayang.dto.UserJson;
import com.dayang.service.OAuthService;
import com.dayang.util.Constants;


@Controller
public class UserinfoController {
	
	  @Resource 
	  private OAuthService oAuthService; 
	  
	 @RequestMapping("/userInfo")
	    public HttpEntity userInfo(HttpServletRequest request) throws OAuthSystemException {
	        try {

	            //构建OAuth资源请求
	            OAuthAccessResourceRequest oauthRequest = new OAuthAccessResourceRequest(request, ParameterStyle.QUERY);
	            //获取Access Token
	            String accessToken = oauthRequest.getAccessToken();

	            //验证Access Token
	            if (!oAuthService.checkAccessToken(accessToken)) {
	                // 如果不存在/过期了，返回未验证错误，需重新验证
	            	 OAuthResponse oauthResponse = OAuthRSResponse
	                        .errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
	                       .setErrorDescription(Constants.INVALID_TOKEN_EOORR_DESCRIPTION)
	                        .setError(OAuthError.ResourceResponse.INVALID_TOKEN)
	                       .buildJSONMessage();

	                HttpHeaders headers = new HttpHeaders();
	                headers.setContentType(MediaType.APPLICATION_JSON_UTF8);
	                //headers.add(OAuth.HeaderType.WWW_AUTHENTICATE, oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
	                return new ResponseEntity(oauthResponse.getBody(),headers, HttpStatus.UNAUTHORIZED);
	            }
	            //返回用户名
	            String username = oAuthService.getUsernameByAccessToken(accessToken);
	            UserJson  user = new UserJson();
	            user.setUserId(username);
	            user.setOpenId(username);
	            return new ResponseEntity(user, HttpStatus.OK);
	        } catch (OAuthProblemException e) {
	            //检查是否设置了错误码
	            String errorCode = e.getError();
	            if (OAuthUtils.isEmpty(errorCode)) {
	                OAuthResponse oauthResponse = OAuthRSResponse
	                        .errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
	                        .setRealm(Constants.RESOURCE_SERVER_NAME)
	                        .buildHeaderMessage();

	                HttpHeaders headers = new HttpHeaders();
	                headers.add(OAuth.HeaderType.WWW_AUTHENTICATE, oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
	                return new ResponseEntity(headers, HttpStatus.UNAUTHORIZED);
	            }

	            OAuthResponse oauthResponse = OAuthRSResponse
	                    .errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
	                    .setRealm(Constants.RESOURCE_SERVER_NAME)
	                    .setError(e.getError())
	                    .setErrorDescription(e.getDescription())
	                    .setErrorUri(e.getUri())
	                    .buildHeaderMessage();

	            HttpHeaders headers = new HttpHeaders();
	            headers.add(OAuth.HeaderType.WWW_AUTHENTICATE, oauthResponse.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
	            return new ResponseEntity(HttpStatus.BAD_REQUEST);
	        }
	    }
	

}
